Evaluating MAPSec by marking attack graphs
نویسندگان
چکیده
MAPSec has recently been introduced as a security protocol for mobile telecommunication networks in the midst of numerous threats and vulnerabilities. Our initial study reveals that MAPSec can only provide protection coverage to a minor portion of the total network vulnerabilities. Motivated by this discovery, we have devised a toolkit—Cellular Network Vulnerability Assessment Toolkit for Evaluation (eCAT) to identify: (1) Exact protection coverage of MAPSec, in terms of percentage of attacks prevented; (2) Other kinds of security protocols required in addition to MAPSec; and (3) The most vulnerable network areas. We use the results from eCAT in Coverage Measurement Formulas (CMF) to identify other vulnerabilities. Results from eCAT are dually useful in that they not only reveal MAPSec’s limited effectiveness but also provide insights into overall network vulnerabilities.
منابع مشابه
A particle swarm optimization algorithm for minimization analysis of cost-sensitive attack graphs
To prevent an exploit, the security analyst must implement a suitable countermeasure. In this paper, we consider cost-sensitive attack graphs (CAGs) for network vulnerability analysis. In these attack graphs, a weight is assigned to each countermeasure to represent the cost of its implementation. There may be multiple countermeasures with different weights for preventing a single exploit. Also,...
متن کاملAn Ant Colony Optimization Algorithm for Network Vulnerability Analysis
Intruders often combine exploits against multiple vulnerabilities in order to break into the system. Each attack scenario is a sequence of exploits launched by an intruder that leads to an undesirable state such as access to a database, service disruption, etc. The collection of possible attack scenarios in a computer network can be represented by a directed graph, called network attack gra...
متن کاملA Concise Network-Centric Survey of IP Traceback Schemes based on Probabilistic Packet Marking
Multiple probabilistic packet marking (PPM) schemes for IP traceback have been proposed to deal with Distributed Denial of Service (DDoS) attacks by reconstructing their attack graphs and identifying the attack sources. In this paper, ten PPM-based IP traceback schemes are compared and analyzed in terms of features such as convergence time, performance evaluation, underlying topologies, increme...
متن کاملTowards an Adaptive Packet Marking Scheme for IP Traceback
Denial of Service attacks have become one of the most serious threats to the Internet community. An effective means to defend against such attacks is to locate the attack source(s) and to isolate it from the rest of the network. This paper proposes an adaptive packet marking scheme for IP traceback, which supports two types of marking, namely source router id marking and domain id marking. For ...
متن کاملAdjusted Probabilistic Packet Marking for
Distributed denial-of-service attack is one of the greatest threats to the Internet today. One of the biggest diiculties in defending against this attack is that attackers always use incorrect, or \spoofed" IP source addresses to disguise their true origin. In this paper, we present a packet marking algorithm which allows the victim to traceback the approximate origin of spoofed IP packets. The...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Wireless Networks
دوره 15 شماره
صفحات -
تاریخ انتشار 2009